Timeverse Security Profile: Crypto‑Agile, PQ‑Ready Signatures, Anti‑Replay, and Canonical Encoding for Q‑Address and TSAE
Tarik Ouardi
Abstract
Timeverse Security Profile specifies a crypto-agile security layer for coordination systems that use phase-window scheduling (Q-Address) and auditable event anchoring (TSAE / optional Clockchain anchoring). Core rule (strict): Timeverse timing and addressing fields are public context, not secrets. They may be bound as associated data (domain separation), but must not be treated as cryptographic secrets. The profile provides: Authenticity & integrity: signatures over canonical encodings of security-relevant objects. Replay protection: cycle/window gating plus nonce-based anti-replay within a policy-defined horizon. Auditability: hash commitments suitable for anchoring (e.g., minimal on-chain anchors). Optional confidentiality: standard KEM + HKDF + AEAD patterns when encryption is required. Crypto-agility / PQ readiness: algorithm suites are selected via security_profile_id and can migrate to NIST post-quantum standards without changing Timeverse semantics. Normative dependencies: Phase-Coordination Series Conventions (ticks, windows, modulo, convention_id semantics):https://doi.org/10.5281/zenodo.18068999 Q-Address (tick-canonical macro window + micro slot):https://doi.org/10.5281/zenodo.18068997 Keywords: Timeverse, security profile, Q-Address, TSAE, signatures, anti-replay, nonce policy, canonical encoding, HKDF, AEAD, post-quantum, crypto-agility.